When a Tech Firm Isn’t Quite a Tech Firm
Recently, I’ve worked with several firms that present like tech companies—clean interfaces, structured onboarding, and seemingly product-led delivery. But beneath the surface, many operate more like professional services businesses wrapped in a layer of tech and rely heavily on niche APIs.
These hybrid firms are often deeply human in their approach. Their services evolve hand-in-hand with customer needs, and that’s a real strength.
Organic Growth = Complex Journeys
One consistent trait? Their customer journeys are intricate—and often undocumented. Over time, they’ve layered on tools, platforms, and integrations to meet growing demands.
Helping them map that out—especially in a visual format—is something I love doing. It’s often the first time they’ve seen a clear view of their operational reality. The reaction is usually the same: surprised, sometimes proud, occasionally overwhelmed. But always more informed.
No In-House Code, But Real Tech Exposure
Here’s the critical point: many of these firms don’t build their own software. They don’t have dev teams or engineers. Instead, they rely on third-party tools and APIs to deliver their offering.
So, should you still run Tech DD?
Absolutely. But it’s not always traditional Tech DD. You’re not assessing proprietary code or engineering practices—you’re examining digital architecture, vendor reliance, and data exposure.
Our ‘Outside-In’ Approach
To address this, we’ve created a lightweight pre-DD assessment: our Outside-In service. It looks at the company from the outside—before going deep.
Think of it as a hands-on generalist assessing:
- Digital footprint
- Tech dependencies
- Security posture
It’s ideal for firms where the tech is externally built but mission-critical.
What We Uncover
This approach lets us quickly identify:
- (a) Which APIs, platforms, and third-party tools are in play
- (b) What risks or vulnerabilities they introduce
- (c) How dependent the firm is on things it doesn’t fully control
Real Example: Healthcare Meets Vendor Risk
One recent case: a professional services firm in healthcare. They handled sensitive PII, connected to the NHS spine, and used third-party tools to share data.
One of their APIn vendors—while industry-specific—had major weaknesses: poor security, limited resourcing (thank you, LinekdIn). They’d onboarded the vendor years ago, with no structured diligence. A familiar story.
We flagged the issue, advised both investor and target, and the problem was addressed well before completion.
The Bottom Line
If a vendor is essential to delivering the product or service, it deserves scrutiny—no matter how small or niche they are.
Niche vendor = potential risk.
And that’s where we come in.
Check out: Choosing an API Company: 14 Points for Due Diligence
